Users Need to Patch 63 New Updates in Windows
Windows Updates Once Again…Its Time to update Windows operating system for Security updates.
This month Windows have 63 security vulnerabilities, of which 12 are rated critical, 49 High and one medium and one low in severity.Two Bugs are patched by the tech giant this month, and one bug is reported as used by Black hat hackers.
Windows Zero-Day Exploit Being Exploited by Black Hat Hackers
The zero-day exploit of windows, known as CVE-2018-8589, which is being exploited by security researchers from Kaspersky Labs.
The 63 Flaws are:-
Windows Deployment Services TFTP Server Remote Code Execution Vulnerability | CVE-2018-8476 | Critical |
Microsoft Graphics Components Remote Code Execution Vulnerability | CVE-2018-8553 | Critical |
Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2018-8588 | Critical |
Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2018-8541 | Critical |
Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2018-8542 | Critical |
Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2018-8543 | Critical |
Windows VBScript Engine Remote Code Execution Vulnerability | CVE-2018-8544 | Critical |
Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2018-8555 | Critical |
Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2018-8556 | Critical |
Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2018-8557 | Critical |
Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2018-8551 | Critical |
Microsoft Dynamics 365 (on-premises) version 8 Remote Code Execution Vulnerability | CVE-2018-8609 | Critical |
Azure App Service Cross-site Scripting Vulnerability | CVE-2018-8600 | High |
Windows Win32k Elevation of Privilege Vulnerability | CVE-2018-8589 | High |
BitLocker Security Feature Bypass Vulnerability | CVE-2018-8566 | High |
Windows ALPC Elevation of Privilege Vulnerability | CVE-2018-8584 | High |
Team Foundation Server Cross-site Scripting Vulnerability | CVE-2018-8602 | High |
Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability | CVE-2018-8605 | High |
Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability | CVE-2018-8606 | High |
Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability | CVE-2018-8607 | High |
Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability | CVE-2018-8608 | High |
Microsoft RemoteFX Virtual GPU miniport driver Elevation of Privilege Vulnerability | CVE-2018-8471 | High |
DirectX Elevation of Privilege Vulnerability | CVE-2018-8485 | High |
DirectX Elevation of Privilege Vulnerability | CVE-2018-8554 | High |
DirectX Elevation of Privilege Vulnerability | CVE-2018-8561 | High |
Win32k Elevation of Privilege Vulnerability | CVE-2018-8562 | High |
Microsoft SharePoint Elevation of Privilege Vulnerability | CVE-2018-8572 | High |
Microsoft Exchange Server Elevation of Privilege Vulnerability | CVE-2018-8581 | High |
Windows COM Elevation of Privilege Vulnerability | CVE-2018-8550 | High |
Windows VBScript Engine Remote Code Execution Vulnerability | CVE-2018-8552 | High |
Microsoft SharePoint Elevation of Privilege Vulnerability | CVE-2018-8568 | High |
Windows Elevation Of Privilege Vulnerability | CVE-2018-8592 | High |
Microsoft Edge Elevation of Privilege Vulnerability | CVE-2018-8567 | High |
DirectX Information Disclosure Vulnerability | CVE-2018-8563 | High |
MSRPC Information Disclosure Vulnerability | CVE-2018-8407 | High |
Windows Audio Service Information Disclosure Vulnerability | CVE-2018-8454 | High |
Win32k Information Disclosure Vulnerability | CVE-2018-8565 | High |
Microsoft Outlook Information Disclosure Vulnerability | CVE-2018-8558 | High |
Windows Kernel Information Disclosure Vulnerability | CVE-2018-8408 | High |
Microsoft Edge Information Disclosure Vulnerability | CVE-2018-8545 | High |
Microsoft SharePoint Information Disclosure Vulnerability | CVE-2018-8578 | High |
Microsoft Outlook Information Disclosure Vulnerability | CVE-2018-8579 | High |
PowerShell Remote Code Execution Vulnerability | CVE-2018-8256 | High |
Microsoft Outlook Remote Code Execution Vulnerability | CVE-2018-8522 | High |
Microsoft Outlook Remote Code Execution Vulnerability | CVE-2018-8576 | High |
Microsoft Outlook Remote Code Execution Vulnerability | CVE-2018-8524 | High |
Microsoft Word Remote Code Execution Vulnerability | CVE-2018-8539 | High |
Microsoft Word Remote Code Execution Vulnerability | CVE-2018-8573 | High |
Microsoft Excel Remote Code Execution Vulnerability | CVE-2018-8574 | High |
Microsoft Project Remote Code Execution Vulnerability | CVE-2018-8575 | High |
Microsoft Outlook Remote Code Execution Vulnerability | CVE-2018-8582 | High |
Windows Search Remote Code Execution Vulnerability | CVE-2018-8450 | High |
Microsoft Excel Remote Code Execution Vulnerability | CVE-2018-8577 | High |
Internet Explorer Memory Corruption Vulnerability | CVE-2018-8570 | High |
Microsoft JScript Security Feature Bypass Vulnerability | CVE-2018-8417 | High |
Windows Security Feature Bypass Vulnerability | CVE-2018-8549 | High |
Microsoft Edge Spoofing Vulnerability | CVE-2018-8564 | High |
Active Directory Federation Services XSS Vulnerability | CVE-2018-8547 | High |
Team Foundation Server Remote Code Execution Vulnerability | CVE-2018-8529 | High |
Yammer Desktop Application Remote Code Execution Vulnerability | CVE-2018-8569 | High |
Microsoft Powershell Tampering Vulnerability | CVE-2018-8415 | High |
.NET Core Tampering Vulnerability | CVE-2018-8416 | Medium |
Microsoft Skype for Business Denial of Service Vulnerability | CVE-2018-8546 | Low |
Note – Visit Cryptus For Cyber Security training in India
Summary
Reviewer
MANISH KUMAWAT - Cyber Security Expert
Review Date
Author Rating